Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Open Source Voting Software Concept Released

Soulskill posted more than 4 years ago | from the one-for-you-and-two-for-me dept.

Government 121

filesiteguy writes "Wired is reporting that the Open Source Digital Voting Foundation has announced the first release of Linux- and Ruby-based election management software. This software should compete in the same realm as Election Systems & Software, as well as Diebold/Premiere for use by County registrars. Mitch Kapor — founder of Lotus 1-2-3 — and Dean Logan, Registrar for Los Angeles County, and Debra Bowen, California Secretary of State, all took part in a formal announcement ceremony. The OSDV is working with multiple jurisdictions, activists, developers and other organizations to bring together 'the best and brightest in technology and policy' to create 'guidelines and specifications for high assurance digital voting services.' The announcement was made as part of the OSDV Trust the Vote project, where open source tools are to be used to create a certifiable and sustainable open source voting system."

cancel ×

121 comments

Sorry! There are no comments related to the filter you selected.

Vote... (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29853703)

for the first post!

Programmer Thinking (5, Insightful)

Anonymous Coward | more than 4 years ago | (#29853745)

Once again, programmers thinking software will change the world.

Elections are not based on trust of software, it is based on trust of the PROCESS.

Don't trust the PROCESS, and it doesn't matter how trustworthy your software is.

I want an PROCESS that has ACCOUNTABILITY. A "Bug" in your software means someone goes to jail for negligence, or pays for the cost of a reelection.

Here in the great white North, we have a paper ballot. A simple "X" inside a circle. Human verifiable, countable, no switches, electrons, software, etc. Weeks or months after the election I can see the recounts.

Software can solve a lot of problems, trust is not one of them.

Re:Programmer Thinking (2, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#29853817)

Yeah, but honestly I trust a properly programmed machine a lot more than I do humans. Why? Humans make errors, lots of them. Sure, most of us could count 50 votes with 100% accurately, but 500? 1000? If you are volunteering to count votes chances are you are politically involved, after all what is the harm in adding a few votes here and there... The problem results from how various companies have screwed up something as simple as if vote = yes then add 1 to variable Yes, if vote = no add 1 to variable No and then print the variables. Obviously its not that simple, but it shouldn't be that hard.

That isn't even going into the fact that I don't even trust our election system because it doesn't give equal representation to people with different political views....

Re:Programmer Thinking (2, Insightful)

agnosticnixie (1481609) | more than 4 years ago | (#29853883)

That's why votes are counted by groups of people who make sure they are valid and, in some cases, will have counters making sure the counting remains politically balanced. Not by a single person.

perhaps electronic voting could also be... (0)

Anonymous Coward | more than 4 years ago | (#29854169)

systematically verified, by requiring percentages of votes to be verified anonymously and privately, over a commensurate period of time.

perhaps by having the voter be contacted and asked for a token that was provided when the voting occured

Re:Programmer Thinking (1)

myspace-cn (1094627) | more than 4 years ago | (#29855175)

That's called "public oversight" and with an "unbroken chain of custody", there will never be a failure. Break one of the TWO and FAIL but the same thing goes for electronic vote tabulation devices, break say chain of custody because humans can't see the signal representing the vote and you break the chain of custody.

CHAIN OF CUSTODY IS THE PROBLEM

ALL HARDWARE FAILS THIS DILEMMA
SOFTS RUNS ON THE HARDWARE

FRAVIA'S GHOST HATES YOU IDIOTS!

Re:Programmer Thinking (2, Insightful)

camperdave (969942) | more than 4 years ago | (#29853965)

Ballots are counted by a number of people. There are scrutineers from the various political parties watching. Also, the number of ballots collected needs to match the number of ballots issued. You can't just add some.

Re:Programmer Thinking (1)

CastrTroy (595695) | more than 4 years ago | (#29858155)

Problem with computers is that there is no way of verifying what software is running on them when I walk up to them on election day. And since there are many people (who I wouldn't trust) handling the machines, transporting them from the factory to the warehouse, guarding the warehouse, cleaning the warehouse, transporting to the polling station, setting them up at the polling station. I would be much more inclined to trust pen and paper as I could check the box was empty at the start of the day, check that my vote makes it into the box, and then watch them count at the end of the day. Of course not everybody personally has to watch the process, but you can, and as long as enough interested people do, the system is sufficiently trustworthy. At least way more so than a computer, which I really can't see what it is doing on the inside. Just because it's says I voted for candidate X on the screen, and prints out a receipt, doesn't mean it actually registered the same on the hard drive. And we shouldn't have to call for a recount to have some assurance of getting votes counted properly, recounts are hard to get, unless you can show huge problems with the results.

Re:Programmer Thinking (2, Insightful)

loteck (533317) | more than 4 years ago | (#29853841)

Why can't open-source, verifiable software be part of your hallowed PROCESS? It can. And ought to be. Software engineers have a legitimate seat at this table.

Re:Programmer Thinking (0)

Anonymous Coward | more than 4 years ago | (#29854185)

"Why can't open-source, verifiable software be part of your hallowed PROCESS? It can. And ought to be. Software engineers have a legitimate seat at this table."

Depends, did these "software engineers" actually take engineering courses? Do they have a certification or license from a professional body?

Do they have a body I can report them to if something goes wrong?

Can I hold them professionally and personally responsible if something goes wrong?

If the answer is 'no' to any of these questions, than sorry, they are:

a) not real engineers
b) can not have a seat on the table of my 'hallowed process'.

come back when I can sue someone for a 'bug' that results in a reelection.

Re:Programmer Thinking (0)

Anonymous Coward | more than 4 years ago | (#29854363)

Can I hold them professionally and personally responsible if something goes wrong?

I suggest you reread any EULA

Re:Programmer Thinking (1)

myspace-cn (1094627) | more than 4 years ago | (#29855185)

+1 Funny

Re:Programmer Thinking (1)

davester666 (731373) | more than 4 years ago | (#29854703)

"Open Source Voting Software Concept Released"

Everybody read this again. Only the concept was released. No actual code is available yet... :-)

Re:Programmer Thinking (1)

myspace-cn (1094627) | more than 4 years ago | (#29855189)

But politically OSV are in place. NOT GOOD!

FUCK ELECTRONIC VOTE TABULATION DEVICES
they caused every problem the United States now has!

Re:Programmer Thinking (1)

Roland Deschene (985837) | more than 4 years ago | (#29859439)

Agreed.

I don't understand what is the damned rush to get the votes tallied up and a winner announced the night of the election. I say, take your time, get a bunch of little old ladies to count them up, and so what if the results come in the next day, or even the next week?

Re:Programmer Thinking (0)

Anonymous Coward | more than 4 years ago | (#29857525)

Why can't open-source, verifiable software be part of your hallowed PROCESS?

Because that process would hardly be transparent for most people. Everyone grasps the concept of a cross on a piece of paper put into a sealed box.

How many people could verify a software that does nothing more than increasing a number when a button is pressed? And that is the most simple process you can think of. A very unsatisfying one because it is easily manipulated.

Re:Programmer Thinking (1, Funny)

Anonymous Coward | more than 4 years ago | (#29853925)

no switches, electrons, software, etc.

One would think you would have trouble forming paper ballots, or any macroscopic matter, without electrons....

trust? (1)

jipn4 (1367823) | more than 4 years ago | (#29853971)

I want an PROCESS that has ACCOUNTABILITY.

You apparently want a pony. Whatever the process and accountability may be with FOSS voting systems, they are almost certainly better than anything Diebold has been offering.

A "Bug" in your software means someone goes to jail for negligence, or pays for the cost of a reelection.

If that's your standard, only crooks will provide voting software.

Here in the great white North, we have a paper ballot. A simple "X" inside a circle. Human verifiable, countable, no switches, electrons, software, etc.

And yet subject to widespread abuses--historical and contemporary--as well.

Re:trust? (1)

myspace-cn (1094627) | more than 4 years ago | (#29855197)

only crooks will provide voting software.

Aye! You get it.

YOUR MY NEW FRIEND

Re:Programmer Thinking (0, Redundant)

kylebarbour (1239920) | more than 4 years ago | (#29853981)

Once again, programmers thinking software will change the world.

Elections are not based on trust of software, it is based on trust of the PROCESS.

This is completely true, but having voting machine software that the public can trust is a part of that. I can't trust the process if the software makes it easy to cheat and hide it, or if there's no way for the public to verify that the voting machines do what they're supposed to.

Wouldn't it be better to have the accountability of paper ballots with all of the benefits of electronic voting (ease, accuracy, instant results, results can be uploaded and publicly accessed, etc.)? We can engineer that, and this is a good first step.

Re:Programmer Thinking (2, Interesting)

joshuaheretic (982785) | more than 4 years ago | (#29854079)

I personally prefer paper ballots as well, and you're right that it's all about trust in the process. However, the fact is that many areas are rolling out electronic voting whether we would like it or not. And in a narrow field of options, I would like more than just a buggy, black-box Diebold piece of shit. If they can provide an OSS solution that works and can be audited for security and reliability, that would be infinitely preferable to the proprietary options with a poor track record. Just make sure there are paper receipts!

Re:Programmer Thinking (1)

myspace-cn (1094627) | more than 4 years ago | (#29855217)

"the fact is that many areas are rolling out electronic voting whether we would like it or not."

Oh Truth. So sweet.

Remember here in California we used electronic vote tabulation devices to vote for more electronic vote tabulation devices? Don't even try to say no.

"I would like more than just a buggy, black-box Diebold piece of shit."
Hell I want the fucking US Constitution restored. Right now we have officials who were elected using "a buggy, black-box Diebold piece of shit." They know the machines are b0rked it's why they are not accountable to the public.

Don't sell out for a half-ass "better" system, when the underlying problem is HARDWARE and it isn't fucking checked!

Re:Programmer Thinking (1)

GrumblyStuff (870046) | more than 4 years ago | (#29855749)

No receipts.

Boss asks who you voted for. You pause, remembering past instances overhearing his views and how much you disagreed with them.

"The other guy," you say.

"That's good. That's good," he replies. "Got the receipt?"

Feel free to replace boss with anyone in the position to influence your voting habits via unpleasantness.

Re:Programmer Thinking (0)

Anonymous Coward | more than 4 years ago | (#29858913)

You say "No" and if he argues, he's violating your privacy. Don't see the problem. Just because there'd be physical evidence of who you voted for does not mean it would inevitably lead to authority figures in an individual's life using them against that individual.

I am not saying I agree with GP, but I would like to point out that you've presented a false dichotomy. There are many ways it could go - paper receipts do not automatically mean coercion from authority.

Re:Programmer Thinking (1)

mcrbids (148650) | more than 4 years ago | (#29854125)

No PROCESS based on closed-source software can ever be trusted for elections.

Having a free, open-source voting system at lesat opens the door to a possibility. I'm not saying software-based voting systems are the best. But having more options is generally a good thing...

Re:Programmer Thinking (1)

calmofthestorm (1344385) | more than 4 years ago | (#29854275)

The thing is that the method being trustworthy is necessary, though not sufficient, for trust of the process. With Diebold, a blatantly untrustworthy system mired in problems with bias, incompetence, and lack of security, it doesn't really matter how much I hypothetically trusted the government deploying it.

Re:Programmer Thinking (1)

nancymarc (1614547) | more than 4 years ago | (#29854411)

it is a very good news.i want to buy this software. Muscle Might [ezinearticles.com]

Re:Programmer Thinking (1)

ahabswhale (1189519) | more than 4 years ago | (#29854603)

lol...you don't think paper ballots can be cheated? It's trivially easy to break that system and it happens in countries around the world every fucking year. Deep down I know you realize that. It's not that you trust paper. It's that you don't trust electronics. There's a difference

Re:Programmer Thinking (1)

myspace-cn (1094627) | more than 4 years ago | (#29854969)

And in every case where paper ballots were "cheated" there was a "broken chain of custody."

Put that in your pipe.

Re:Programmer Thinking (1)

ahabswhale (1189519) | more than 4 years ago | (#29858175)

"And in every case where paper ballots were "cheated" there was a "broken chain of custody.""

Really? You pulled that out of your ass. Prove it.

For the time being, I'll let your lie go and argue the point anyway:

Chain of custody is purely process lingo (i.e., bullshit). It works great until you have corrupt officials involved, at which point your precious process isn't worth fuckall.

Stick that in your pipe.

Re:Programmer Thinking (1)

Casandro (751346) | more than 4 years ago | (#29854695)

Absolutely, the problem with software or complex hardware of any sort is that the average person cannot verify it working. The simple "paper and pencil" approach can be understood and verified by everybody, even people who cannot programm or cannot reverse-engineer complex microelectronics with their bare eyes.

Re:Programmer Thinking (1)

myspace-cn (1094627) | more than 4 years ago | (#29854959)

The PROCESS doesn't matter if the HARDWARE has been specially crafted at the doping level. How many of you in the OSV are checking the hardware with an electron microscope? None. I rest my case, Open Source Electronic Voting will Never fix the problem with a broken chain of custody.

Broken Chain of Custody IS the problem.

Although, what will likely happen.. is the OSV will somehow manage to snow over officials and Debra Bowen. You'll get open source to replace closed source, but the hardware will still be a problem and it will take us another 20 years to prove it and outlaw it nationally like all the rest of these electronic vote tabulation devices.

I find it very depressing that the majority of slashdot folks love the idea of open source voting but fail to waste 2 neurons on hardware security. Just cause it says a part number on a chip, doesn't mean that chip is what it says it is.

It's almost a waste of my time continuing to fight with you, but in the rare chance at least one of you smart programmers wakes up to the fact that ALL software runs on hardware, and the hardware isn't being checked at all. Frankly it can't be without destroying it under an electron microscope.

So you go ahead and push open source as your agenda, instead of outlawing these crappy broken unvalidatable insecure electronic vote tabulation devices, and enjoy the fact you can't hold your officials accountable, because you can't count your own fucking vote..

Re:Programmer Thinking (1)

madhusudancs (1278924) | more than 4 years ago | (#29855285)

Software can solve a lot of problems, trust is not one of them.

Amazing quote. I just loved your ending line quote. Thanks for that. Makes a lot of sense!

Re:Programmer Thinking (1)

Strilanc (1077197) | more than 4 years ago | (#29857093)

I am constantly amazed at the cynicism from Slashdot about electronic voting. Yes, the existing systems have generally sucked. A lot. But that doesn't mean it's impossible to do.

The fundamental problem which must be addressed is verifiability. In order for the election to be secure, you must have a process which guarantees that tampering will be detected with high probability, **even if a malicious company designs a large portion of the voting machines**. This is not an impossible problem!

For example, suppose you want to be sure your vote is not being flipped. A system which meets that criteria is for the voting process to go as normal, then the machine encrypts and publishes the vote (accessible from the internet), which you verify. Then you are prompted to either check or commit the vote. If you 'check' the vote the machine publishes the encryption keys for the vote, and if you 'commit' then the machine publishes a commitment. All of these actions can be verified by you.

Now, that system isn't perfect (it can compromise the 'secret' part of the ballot). But there are verifiable systems which meet all the criteria for an election. They are not less secure than paper ballots, they are *more* secure. Don't trust the machine, trust the verifiable actions the machine must perform.

Re:Programmer Thinking (2, Informative)

Walkingshark (711886) | more than 4 years ago | (#29858639)

Or, you could just do it the obvious way that no one ever talks about:

1) You fill out your ballot electronically (on a touch screen or whatever)
2) Ballot box prints out a human-readable ballot.
3) You check over to make sure there are no mistakes
4) You carry your ballot over to the ballot box and drop it in, where a scanner scans the ballot in and counts your votes.
5) Later, if there is a problem, humans go back and count the votes by hand (as they do now)
6) There you go, all the benefits of electronic voting AND all the benefits of paper and pen voting all in one easy to understand system

Problem: it doesn't leverage the power of electronic information technology to make it ridiculously easy to steal an election. Thats why it will never happen in this country.

Re:Programmer Thinking (1)

BikeHelmet (1437881) | more than 4 years ago | (#29860837)

Here in the great white North, we have a paper ballot. A simple "X" inside a circle. Human verifiable, countable, no switches, electrons, software, etc. Weeks or months after the election I can see the recounts.

Oh, so you're one of them, are you? I always use a checkmark, which indicates positivity! ;)

Sweet! (1, Redundant)

tobiah (308208) | more than 4 years ago | (#29853751)

That's pretty cool.

Re:Sweet! (2, Insightful)

Brian Gordon (987471) | more than 4 years ago | (#29853801)

No it's not. Slashdot was up in arms against electronic voting when it was closed-source. Open-source doesn't make much of a difference.

And Ruby? Linux? What. Assuming they compile Ruby into java bytecode or something to sidestep the FEC regulation against interpreted code in voting machines, Ruby still isn't a great choice. It should run absolutely as close as possible to bare metal to make sure a JVM bug or a Ruby bug doesn't affect the results. Anyway, why Ruby? Not that I have anything against it but really why did they pick Ruby?

Linux wouldn't be my choice for a kernel either. It's too experimental and rapidly changing for me to feel great about asking 300 million people to trust it, at least while we have OpenBSD lying around.

Re:Sweet! (0)

Anonymous Coward | more than 4 years ago | (#29853839)

OpenBSD is dead.

Re:Sweet! (0)

Anonymous Coward | more than 4 years ago | (#29854921)

OpenBSD is dead.

i would think so too after having spied as agent 077, confronting the blob, and acting as ssheriff...

but nope, i heard he just finished escaping the planet of the users on last week

Re:Sweet! (3, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#29853889)

No it's not. Slashdot was up in arms against electronic voting when it was closed-source. Open-source doesn't make much of a difference.

While I still think we should use paper ballots (what exactly does e-voting gain us?) it makes a world of difference if the code is open or closed source. Voting is all about trust, if I can see the source and verify that it doesn't have any major bugs in it that is a step in the right direction compared to closed source. Secondly open source is cheaper, I don't want my tax dollars wasted on proprietary software, especially if there is an open source alternative. If we are going to have e-voting, it had better be open source, closed source is unacceptable.

Ruby still isn't a great choice. It should run absolutely as close as possible to bare metal to make sure a JVM bug or a Ruby bug doesn't affect the results.

Sure, but it does provide more readable and testable code while reducing the risk of hardware dependent errors. I think most people can say with certainty that the Ruby interpreter is reasonably stable as is the JVM.

Linux wouldn't be my choice for a kernel either. It's too experimental and rapidly changing for me to feel great about asking 300 million people to trust it

Does Linux change? Yes. Does that affect the stability of a certain kernel version? No. If they stick with 2.6.31.5, it doesn't matter if 2 months from now if 2.6.32 comes out because 2.6.31.5 will still run with no problem (outside of some serious bug), everything in voting machines should be static, no new hardware, no new software, just configuration changes. Linux has been running in embedded systems just like what I described for years now with no problems.

Re:Sweet! (2, Insightful)

Plunky (929104) | more than 4 years ago | (#29854963)

if I can see the source and verify that it doesn't have any major bugs in it that is a step in the right direction compared to closed source

You do know though, that the source is not the code that is running on the machine iself, right?

How do you propose to verify that the source code has not been altered before or during the compilation process? I guess, since the source is available you could compile it yourself and write down the checksum to compare with the voting machine binary checksum. Wait, how do you get that, some program running on the voting machine? Also, you know that the voting machine counts a certain number of votes but that count must pass through an indeterminate number of machines upstream, any one of which could be tweaking the figures. Who do you trust?

No, you were right the first time, paper ballots and manual counting is best. Yes, it is labour intensive and slow but IMO the real benefit of that is secondary in that lots of people must participate in the voting process and they may come to realise that the political process is not about what politicians want but is run by and for the people. I don't want to see a streamlined political process, extended discussion and well thought out arguments are vital! Moreover, I think election day should be a national holiday and it should be illegal to operate any non essential business. All citizens should be required to attend voting stations for a certain minimum time, not just to vote but to participate in the process.

Re:Sweet! (1)

myspace-cn (1094627) | more than 4 years ago | (#29855069)

How do you propose to verify that the source code has not been altered before or during the compilation process?

That's close, but not the entire problem. The entire problem is all these electronic signals (+5v High) (+3v Low) are running on chips which you never watched the doping process for. These signals furthermore are invisible to the human visibility spectrum.

What are we going to have poll watchers walk in with a spectrum analyzer, freq counter, logic analyzer, O scope, and simpson meters? I don't fucking think so.

Even if they did, they still can't know what the chips are actually doing.

Chips also burn out. (do they burn out or purposely burn up? what countermeasure is in place? none!)

The United States needs to use a paper ballot, hand counted, with an unbroken human and public chain of custody, and no electronic poll books either. (they've already been freaking exploited!)

Mail in should be discouraged as this is a "Broken Chain of Custody"

You might notice I use that phrase a lot. It's because no matter what method of voting, it is the problem.

With electronics the endgame is you can win more votes at once than you ever possibly could with paper and you can do it fast (3e8!)

That's the threat. If there's a election terrorist, it's whoever allowed this shit in the first place.

The public needs COPS working for them, no local law enforcement, specifically trained COPS who understand "chain of custody" and who won't allow either the public, themselves, or officials break the chain of custody!!!

Call me a Troll, burn in hell.

Re:Sweet! (2, Insightful)

TBoon (1381891) | more than 4 years ago | (#29857451)

While I still think we should use paper ballots (what exactly does e-voting gain us?)

e-voting gains the ability to know the results instantaneously the moment voting ends, and saves lots of man-hours counting them. The former is pointless, as any hand-over of power never happens until days/weeks/months later, and neither are worth eliminating the possibility of a recount.

Machine-readable paper-ballots seems to be a decent compromise. Instant results with recount possibilities. A smallish number of humans can double-check some samples to ensure the machine results are correct, and trigger larger manual recounts if there is reason to believe the machines malfunctioned or were tampered with.

Re:Sweet! (1)

nmb3000 (741169) | more than 4 years ago | (#29854937)

Anyway, why Ruby? Not that I have anything against it but really why did they pick Ruby?

Maybe they wanted to emulate that nice slow ka-CHUNK action of the lever-pull voting machines? For that they'd need the absolute [gmarceau.qc.ca] slowest [debian.org] popular programming language available. Hence, Ruby.

Mostly Works (5, Funny)

Anonymous Coward | more than 4 years ago | (#29853755)

Early reports are now in on the software. Though it runs faster than proprietary rivals, the power management doesn't work, its not yet configured to work with touch screens, and it can only be administered by grumpy self righteous technicians who insist that voters read the man pages before voicing questions.

Re:Mostly Works (1)

palegray.net (1195047) | more than 4 years ago | (#29853769)

Note to mods: the AC above is aiming for funny, not insightful.

Re:Mostly Works (0)

Anonymous Coward | more than 4 years ago | (#29853993)

Note to you: insightful grants karma, funny does not. Quite a few mods throw insightful towards a funny post for that reason.

Re:Mostly Works (0)

Anonymous Coward | more than 4 years ago | (#29854065)

Note to you: posts from Anonymous Cowards don't need karma (except this one... mod informative)

Can it run on Diebold hardware? (2, Interesting)

Ungrounded Lightning (62228) | more than 4 years ago | (#29853771)

If so it could let a lot of counties currently stuck with that PoC switch to the open source code without buying extra hardware. Just load the free software in the existing hardware (and maybe add a printer).

The Diebold machines are essentially PCs with touchscreens so they shouldn't be a tough port for Linux and the apps.

Using the existing hardware could save a bundle.

Re:Can it run on Diebold hardware? (0)

Anonymous Coward | more than 4 years ago | (#29853961)

Can you trust the bios on a Diebold machine?

All the software on voting machines should be testably open and some effort made to keep them safe from virtual machines placed between the voter and the known and accepted software that is supposed to be counting their votes.

Re:Can it run on Diebold hardware? (1)

myspace-cn (1094627) | more than 4 years ago | (#29855291)

Bzzzzt

Elections need to be paper ballots with an un b0rked chain of custody

Re:Can it run on Diebold hardware? (1)

Ungrounded Lightning (62228) | more than 4 years ago | (#29857421)

Can you trust the bios ... All the software on voting machines should be testably open and some effort made to keep them safe from virtual machines ...

And similarly additional posters object to potentially hacked chips and extraneous RF interfaces ...

I agree with you there. Replace or reflash the BIOS ROM. Inspect for extraneous interfaces. And of course be sure the CPU is not one that supports Intel AMT or similar schemes that can open sneak channels and get between the main CPU(s) and their peripherals.

However, except for the BIOS I'd expect such issues (wireless, hacked chips, ...) to be mainly applicable to future hardware.

The Diebold machines are somewhat older technology and even if they were deliberately designed for election cheating I'd expect the focus to have been on the software. Providing such hardware backdoors that would work WITHOUT BIOS, OS, or application support would have made the project too big and leak-prone with the technology available at the time.

These days it's essentially off-the-shelf. So lots of care needs to be taken with the components and hardware design. (For starters: NO Intel AMT-capable parts, or others with "remote administration" backdoors.)

Re:Can it run on Diebold hardware? (1)

myspace-cn (1094627) | more than 4 years ago | (#29855273)

HARDWARES? Did I hear you say hardware? Are you talking about my specially crafted hardware? Special for you only two dolla per chip0r specially crafted hardware win all election, specially crafted hardware with malicious logic designer, remote rf kill switch, parallel logic, specially crafted for you.

Re:Can it run on Diebold hardware? (1)

myspace-cn (1094627) | more than 4 years ago | (#29855277)

Guaranteed no poll watcher without spectrum analyzer can find.

I don't get... (4, Interesting)

Darkness404 (1287218) | more than 4 years ago | (#29853791)

I really don't understand what problem electronic voting using computers is supposed to solve. Why not just make scantron ballots (some places already use them) they are paper so they are verifiable, easy to understand (who didn't have to do a multitude of these in high school?), and a machine can calculate them. About the only glitch is you can't change your mind without getting a new ballot, but its honestly not that hard.

Re:I don't get... (0)

Anonymous Coward | more than 4 years ago | (#29853861)

AFAIK, these are scantron-like ballots. We currently use them in LA, and they are somewhat verifiable. However, that does not stop the election terrorists like Brad Freedman and Bev Harris from claiming we're defrauding the public.

Nevermind the fact that prior to counting the votes, the ballot readers are verified against a known sample for accuract. The readers are vallidaed again after counting the 3M+ (over 4M in 2008) ballots.

This software is currently addressing the election management process - voter registration, ballot layout (the paper you read while looking at the voting machine), precinct coordination (LA has ~5,000 precincts), polling place lookup and staffing, precinct supplies, phone guides....

Re:I don't get... (2, Interesting)

myspace-cn (1094627) | more than 4 years ago | (#29854987)

election terrorists?
Complete psyop propaganda.

Brad Friedman - http://bradblog.com/ [bradblog.com]
Bev Harris - http://blackboxvoting.org/ [blackboxvoting.org]

These two people are as far from election terrorists as you can get.

The one thing you purposely leave out of this discussion is the broken chain of custody which electronic signals representing votes create.

Your software runs on hardware, hardware which is not checked, because to check such hardware you would have to destroy it by reverse engineering it under an electron microscope.

If you on slashdot listen to this idiot AC, our country is going to keep screwing up down the same path. Officials KNOW electronic voting is rigged, that's why in conjunction with corporate media they can never be held accountable.

Re:I don't get... (1)

myspace-cn (1094627) | more than 4 years ago | (#29855297)

your an especially disgusting person for saying what you said about brad and bev

Re:I don't get... (2, Insightful)

TubeSteak (669689) | more than 4 years ago | (#29854331)

I really don't understand what problem electronic voting using computers is supposed to solve.

Handicap accessibility, ballot complexity, but mostly hanging chads.
The ability to almost instantly compile election results is just a bonus.

Scantron ballots are a good idea, but people are stupid &/or prone to mistakes and will screw it up.

Solves paper ballot management problems (2, Insightful)

jjo (62046) | more than 4 years ago | (#29856895)

Paper ballots, either hand- or scanner-counted, have a few management issues that are made easier and cheaper with electronic voting:
  1. the polling places must be sure that they don't run out, so election officials must print ballots based on their guess of the maximum possible turnout. This makes for almost certain wastage of ballots.
  2. In many places, mutliple versions of ballots must be maintained in inventory for multiple languages and/or multiple jurisdictions, each version having the same problems listed above.

These problems are, of course, completely manageable, but at a cost. Election officials would welcome a cheaper alternative balloting system, provided it worked just as well as the best ones in use now. That the the crux of the issue.

Re:Solves paper ballot management problems (1)

CastrTroy (595695) | more than 4 years ago | (#29858265)

Which is so much worse than the electronic voting places, where they have to have enough computers to keep up with demand. Of course, they never do have enough machines, or they end up breaking down, so you end up having to wait in line for an hour or three. Contrast that with paper systems, where you can set up another ballot station with a piece of cardboard.

Buzzword politics minefield, synergistically (1)

dangitman (862676) | more than 4 years ago | (#29853803)

The OSDV is working with multiple jurisdictions, activists, developers and other organizations to bring together 'the best and brightest in technology and policy' to create 'guidelines and specifications for high assurance digital voting services.'

So... ahh... good luck with that. Sounds a lot like swimming through sewerage to me, but I guess somebody has to do it.

Re:Buzzword politics minefield, synergistically (1)

myspace-cn (1094627) | more than 4 years ago | (#29855307)

i luv you

OK, why Linux, why Ruby? (1, Troll)

r7 (409657) | more than 4 years ago | (#29853831)

Curious about the choice of OS, given that Linux security, especially the kernel, is known to be inferior to BSD, OpenBSD in particular. Also curious about the choice of programming language, Ruby, when Python is known to be more readable, and more easily audited. Shouldn't the most important feature of a voting system, aside from useability and accesibility, be its auditability? Why would anyone choose a system that is known to be less auditable and less secure?

Re:OK, why Linux, why Ruby? (1)

thatkid_2002 (1529917) | more than 4 years ago | (#29853979)

I totally agree with your opinion on Python - and the code should be readable or else it kind of defeats the purpose of saying "anybody can review it". That and Python generally shits all over Ruby in pretty much every way.

But I suspect Linux was chosen for a few reasons - firstly it was probably what the creators of this project knew best and secondly it has better hardware compatibility and more consultants/contractors readily available to deal with Linux. If you know nothing about an OS it is hard to configure it to be secure (but Windows just fails no-matter how well you know it).
Just my two cents.

Re:OK, why Linux, why Ruby? (0, Flamebait)

pmontra (738736) | more than 4 years ago | (#29854951)

Any language that gives a semantic meaning to indentation should be banned from this world, but this is mostly a matter of religion so I won't go deeper into that. What I'm interested into is to learn about objective measures of the auditability of different programming languages. Do you have some references? I googled a little but I didn't find anything meaningful particularly about Python and Ruby . Thanks.

Re:OK, why Linux, why Ruby? (0)

Anonymous Coward | more than 4 years ago | (#29860303)

Any language that gives a semantic meaning to indentation should be banned from this world...

If you don't indent correctly then you should be banned as a programmer. Python just enforces that.

Re:OK, why Linux, why Ruby? (3, Insightful)

Dhalka226 (559740) | more than 4 years ago | (#29855117)

lso curious about the choice of programming language, Ruby, when Python is known to be more readable, and more easily audited

Known by whom? Python fanbois?

I'm honestly not trolling and I'm honestly not trying to start a Python/Ruby flame war, but let's not try to hide opinions behind worthless statements like "Python is known to be," particularly when the metric is as subjective as "readb[ility]."

Aside from the enforced nature of Python whitespace, I don't find there to be much of a difference between the two in terms of readability. I prefer specified ending blocks, whereas Python seems to merely use a blank line and the indentation. What jumps out at me (as a Ruby fan) more than anything is how stupid and unintuitive '"""' is as a commenting option. Eesh. But all of that is personal preferences, as it should be. There's no substantive differences and certainly nothing measurable enough that we should bandy about statements like Python being known to be more readable.

Chances are, by the way, that's your answer. Why Ruby instead of Python? The authors likely preferred it and were more familiar with it. It needn't be any more complex than that.

Computers should count votes (4, Insightful)

symbolset (646467) | more than 4 years ago | (#29853869)

Once they've been granted suffrage. Not before.

I post this same post every time we have a computerized vote counting thread. My objection to this has nothing to do with whether it's a secret proprietary process or a totally open FOSS solution. With each generation of computer technology we gain the opportunity to go wrong with greater speed than ever before. Yes, proprietary solutions are horrid and there's some evidence that they've been used to steal votes and they're truly evil. Unfortunately, FOSS tools can be abused too.

I guess my point is that the process of counting votes using humans is an important part of representative democracy because it doesn't just achieve the goal of "counting the vote". It also impresses on the participants the importance of sanity and trust and impartiality in the process, without which constant reinforcement we can expect democracy to rapidly go off the rails. Compared to that social good, the importance of getting same-day results fades in importance.

Re:Computers should count votes (1)

myspace-cn (1094627) | more than 4 years ago | (#29854997)

I'm with you, but I add some info..

It also doesn't break the chain of custody with invisible electronic signals representing votes.

With paper ballots to break the chain of custody, officials have to pull some shit. Like saying DHS and the FBI have a terrorist attack, and the vault with the ballots will have to be left alone.

Or using local law enforcement to arrest poll watchers.

With electronic voting nearly every part of the system can be exploited. Starting with HARDWARE.

Simple solution: (0)

Anonymous Coward | more than 4 years ago | (#29853907)

Electronic voting machine allows people to vote, prints off a small receipt.

Receipt has:
1) name/choice of every vote made, human readable
2) a barcode that encodes all this information

Verifiable:
each and every receipt can be shown to have words matching what the barcode says

Countable:
Just scan each receipt, or if you aren't sure after that, have humans count the names read on the ballat

Voter intent:
No more problems of 'did they really mean to vote for that guy?' there aren't 'levels of inking' just black and white, this is the name on the slip.

Re:Simple solution: (1)

myspace-cn (1094627) | more than 4 years ago | (#29854999)

Verifiable:
each and every receipt can be shown to have words matching what the barcode says

This idea breaks TRANSPARENCY and is unacceptable.

Re:Simple solution: (1)

Philip_the_physicist (1536015) | more than 4 years ago | (#29855227)

Using an OCR font would be better, sicne the same material can be read by ordinary people as machines, so it would preserve verifiability and transparency

Solving the problem wrong (5, Informative)

ComputerSlicer23 (516509) | more than 4 years ago | (#29853939)

Come back when it is not written in an interpreted language, in a language capable of driving hardware, and it has "real" functionality. I looked quickly, and the tabulation code is virtually empty. Both the Python and the Javascript will be non-starters and the code rejected out of hand the first time reviewed (and none of the VSTL's will have anyone capable of reviewing Python). Java passes because of the bytecode. Python might pass because of the .pyc files. The Javascript will be a problem. The lack of type declarations will likely also be a problem in Python. It will be hard to follow the documentation rules that require all of the types to be documented.

None of this code stands a chance of VVSG compliance (the Federal Election standards which code must pass to be certified if any Federal funds are used to purchase the hardware or software). The list of blatantly obvious things wrong with the code base in the one file I looked in:

  • The code files does not have a valid modification history for the file.
  • The code does not have per function comments.
  • The code uses multiple returns inside of a single function.
  • Repeatedly use the same values without having them be assigned to a constant.
  • Have single variable letter names that are not used for array indexes.
  • Usage of numerical constants other then -1, 0, 1 without a comment explaining the value.
  • Not all control flows decision points are documented.
  • It has lines longer then 80 characters.

Or at least those are the obvious things I found in one example file [github.com] in the 2 minutes it took me to scan it quickly. Remember, the coding guidelines are written by people who have never written a line of code, and are designed to protect against common mistakes from the mid-80s. So the fact that the entire system is in version control is irrelevant. Even if you give them all of the version control, you must document the changes to the code at the top of the file. You must document the changes per function. Even though no one would ever do it in this day and age, your code must be printable on a standard 8.5" wide paper.

All of the rules required to follow are obscene. You can't have function or variable names that differ by a single letter. It took 3-4 years to get an exception to that rule to allow the usage of "getFoo", "setFoo", because they differ by a single letter. You can't use 0x80 to represent the MSB of a byte, if you call that PIN_8, and had PIN_1 those differ by a single character, so we had to do PIN_EIGHT, PIN_ONE. It's just archaic. Oh, and you get to document every function a function calls. Because they couldn't possible use a compiler that would build a call list automatically.

The rules don't explicitly mention exceptions, so it depends on who is reading the code if they treat an exception as having multiple entry/exit points. So it is generally easier to get the code past compliance without exceptions, even if it does lead to buggier code. The other rule they invoke is that you are only allowed to use the control flow structures documented in the VVSG (they have flow charts for the allowable forms of if, if/else, for, while, and switch statements. They specifically state that if the language you are using does not have those, you must simulate those flows of control in the language used.

Oh, and if LA thinks it has the hardest jurisdiction because they have 7 languages, I believe NY has at least 20-30 languages or dialects just in NYC, they have several election districts (they'd be called precincts anywhere else in the country, but in NY, the word precinct is only used for the NYPD and maybe the NYFD) that have more then 7.

I've written code that has been used to count ballots in both state and federal elections. Trust me, this code base will have to be re-written from scratch to meet the 2002 or 2005 VVSG standards. By the time this code is likely to be ported to certified election hardware, it will have to support the 2007 VVSG standard. Which will impose yet more conditions upon it, the most obvious is that everything is stored in the clear. Everything involved in storing the results of a ballot count must be stored in encrypted formats on all physical media. Never had to be certified under those rules, but I read them. I believe that is the big change.

I wish them the best of luck, and hope that they succeed. I think it is a great thing. I think they are tackling the engineering aspects, but lack the understanding of the bureaucracy that will be required to allow this code to ever be Federally certified. The hard part isn't writing the code. It isn't even writing the secure code. It's finding programmers willing to follow the awful rules they impose upon the code. No rule has an exception. EVER. Using gotos to avoid duplicating error handling code as is common in C in the Linux kernel, is verboten. The code would fail immediately, and no amount of explanation will overcome that. Fortunately Linux is considered "COTS", and does not have to pass review. Ultimately, they will be forced to swallow their pride and modify the code to be in a style no programmer will ever want to read or write if they want it to actually comply with the VVSG rules.

Re:Solving the problem wrong (2, Interesting)

fandingo (1541045) | more than 4 years ago | (#29854059)

Great post. I was thinking the exact same thing as soon as I saw Ruby was being used. It gets even worse than that: they are using Ruby on Rails. Slashdotters start foaming at the mouth thinking about how insecure Diebold code is; they should be furious that something as god-awful as RoR is being used for elections. RoR has its uses, but not in any kind of security sensitive situation.

The project does seem to be interesting because they are trying to get the FEC to update some of its certification requirements.

The only thing I want interpreted in my elections is hanging chads; keep that damn python and ruby to your selves. And get off my lawn!

Re:Solving the problem wrong (1)

myspace-cn (1094627) | more than 4 years ago | (#29855159)

It's not a great post, there's holes through it.
Specifically a "Chain of Custody" dilemma with the electronic vote tabulation devices being used.
  I don't wish such a project luck at all what so ever. All electronic vote tabulation devices must be outlawed.

Re:Solving the problem wrong (3, Insightful)

dogzilla (83896) | more than 4 years ago | (#29854381)

Wait a sec...step back. Take a deep breath and think this through.

All those rules you described are there for what purpose exactly? Because as far as I can see, those rules have not made existing voting software (which presumably meets these guidelines) any more reliable or trustworthy. If the only reason these rules exist is to make the software secure and trustworthy, and if they create what appears to be a huge burden for developers of voting systems, then perhaps we need to throw out this particular set of guidelines *along with* the existing crappy voting software.

Am I the only one to whom this is obvious? These rules don't exist for their own sake - they exist to achieve a goal. If they're not achieving that goal, the rules need to be rewritten before you even touch a single line of this code.

Re:Solving the problem wrong (0)

Anonymous Coward | more than 4 years ago | (#29856033)

I'd think that it would be even better to have the guidelines designed by a small (under 9) group of *actual* security guys... maybe even a couple of the better crackers. Ask the car thief how to stop him from stealing the car, you know?

Just a thought.

Re:Solving the problem wrong (2, Informative)

ComputerSlicer23 (516509) | more than 4 years ago | (#29856317)

I completely and totally agree with the notion that those rules are stupid. However, most states use Federal Funding for the purchase of hardware for elections. Once that is done, you must be certified by the FEC, and you must follow the above guidelines. Unless your state officials want to break Federal laws, or can find all the money for it from non-Federal sources, those rules will have to be followed. It's not like you can use an off-the-shelf computer, and the hardware is only good once maybe twice a year. You'll need one that refuses all external input except for the types of storage you plan on using to transport the votes from a machine. Even if all of the software is secure from this Open Source code, they will still need to get secure hardware. The problem is you send everyone to a place alone with the machine where they have total access. Securing the machine is actually, extremely difficult.

From what I know of the state and counties, they all use Federal money. Everybody who took HAVA money has to follow both those and ROHS rules for the hardware (ROHS, I might have the acronym wrong, but it's the environmental friendly hardware when you go to dispose of it, so no using lead, etc, etc). Even most states defer to the FEC to set testing guidelines, and most states will refuse anything that does not pass the VVSG hardware and software guidelines.

You can't run an election without a scanner of some sort. You'll need a scantron type solution for a state wide vote. You can't run those any other way. If you say "DRE", I'm going to smack you. Even one's with paper trails are stupid. Scantrons to count, and paper ballots are the only way, unless we hand count (which I've got no problem with, but the computers generally do a better job, especially if you want to do accurate stats for funding of parties). Once you start doing scantrons it will require custom hardware, and the state will be incapable of dealing with it.

I think it would be great to require a security review from real security folks. The problem with most of the VSTL employees I've dealt with, is that they aren't capable of getting a paying programmers job. That's why they review someone else's code. We tried fairly hard with the stuff I worked on. We used Linux, and used a "known" Live CD to boot from, and had a completely scripted build from source code. With the exception of the RSA Crypto library and the JDK/JRE (because we couldn't prove OpenSSL's was FIPS-140.2 compliant on our OS and hardware), everything was built in from of an Election official. We built the entire toolchain that would then build the absolutely everything that was installed on the firmware. For a "real" security review, we had almost everything. If OpenJDK had been released at the time, we would have built the JDK/JRE from scratch also.

The stuff I worked on could have been hacked, especially if the source code ever leaked. Not that it was blatantly insecure, but like most code written, it has bugs and flaws that more eyes would catch. We generally did a good job using constructs that avoided buffer overflows (we avoided most C in favor of C++ where possible). The problem was the size of the programming team (I'm guessing that maybe 5-6 full time programmers worked on the system that counted a significant fraction of the votes in the 2000 and 2004 elections). I left because of the dysfunction inside the company due to dealing with Federal crapola. I just hated the code I had to write. I hated how old and antiquated the rules I had to follow were. It was a fun gig, and I liked that I got to contribute to cleaning up some of the problems folks have with electronic voting. I took it very seriously.

I agree with you, the solution is to update the rules to involve actual security. The problem is you most literally can't. There are lots of "rules of thumb", but if there were actual rules to follow, we wouldn't have security professionals we'd just write a compiler that understood the rules. These rules exist as a proxy. Each one of them was added to mitigate some problem they had before. To require more security reviews by appropriate security professionals (who are hard to come by). Most gov't officials don't have clue about most of these topics, so it is exceedingly difficult to convince them that this structure they cling to has to be changed.

Re:Solving the problem wrong (2, Informative)

FlyingGuy (989135) | more than 4 years ago | (#29854717)

I was thinking the same thing, then I went and looked at the code and saw this:

import os
import json

from django.template import Context, loader, RequestContext
from django.http import HttpResponse, HttpResponseRedirect, HttpRequest
from django.shortcuts import render_to_response
from django.conf import settings
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required

Just as soon as I saw that, it was like, Ahh HELL NO!

I mean lets just throw in the entire kitchen sink! There is not a snowballs chance in hell of this EVER getting certified. JUST the holes/kludges in http & css will get you laughed out of the running!

Re:Solving the problem wrong (0)

Anonymous Coward | more than 4 years ago | (#29854731)

Technically all code is interpreted.
To be fair, you have to assume a binary that executes interpreted code executes it correctly.
Just like you have to assume that a processor, when given your pile of binary bits that constitute a program executes it correctly.

Re:Solving the problem wrong (1)

myspace-cn (1094627) | more than 4 years ago | (#29855133)

To be fair, whether or not interpreted code executes correctly or not doesn't matter when YOU create the chips, starting at the doping level, and nobody but you has looked at any extra logic or specially crafted logic inside such chips.

To be fair, the other part of this attack is corporate media controlling all of public spectrum (another pandora's box of shit for another rainy slashdot day)

To be fair would be to outlaw all electronic vote tabulation devices nationally.

To be fair would be paper ballots, transparently marked, with public controlled oversight, with sanity check safeguards (RE: Cops trained in chain of custody who work FOR the public against officials, the public and themselves as nobody can be trusted.)

And yeah, it's human labor. So is Jury Duty! Coincidence?

MOD Parent UP! (1)

FlyingGuy (989135) | more than 4 years ago | (#29856793)

To err is human, to really screw things up takes a computer.

Re:Solving the problem wrong (1)

myspace-cn (1094627) | more than 4 years ago | (#29855115)

I've written code that has been used to count ballots in both state and federal elections. Trust me

I don't trust you. I don't trust officials your all full of shit.

The Hardware isn't checked. PERIOD.
MASSIVE FAIL
FUCK ELECTRONIC VOTE TABULATION DEVICES!

Re:Solving the problem wrong (1)

metaconcept (1315943) | more than 4 years ago | (#29860733)

You tell a convincing tale; but why would anyone do the required rewriting by hand? The rules you mention sound very much within reach of the kinds of things obfuscating rewriters -- or compilers in general, for that matter -- do. I mean, if expensive, pointless adherence to some bureaucratic mandate is the aim, of course. Solving the problem wrong, indeed.

Trust the vote? (1)

michaelmalak (91262) | more than 4 years ago | (#29854055)

"Trust the vote"? Only if the people voting are regular readers of dailypaul.com

It is Ruby based? (0)

Anonymous Coward | more than 4 years ago | (#29854195)

Better hope no more than 25 vote then ...

In Ruby?! Shirley you jest (2, Insightful)

FlyingGuy (989135) | more than 4 years ago | (#29854661)

Oh for fucks sake, you have to be kidding me!

You want the Federal Election Commission to trust a voting machine written in a language used by script-kiddies?! That is utterly laughable in light of the DIEBOLD VB/Access debacle

This needs to be a completely stripped down Linux core, NOTHING in it except what is EXACTLY need to do this. It needs to be written in C, not C++, and I mean COMPLETELY documented ( to the point of inanity), PLAINLY written, VERBOSE code and if you want a better chance write it in ADA, that is what the government is used to dealing with and the code MUST be open source

You need to go as far as stripping down the standard C libraries to ONLY the functions called by the SINGLE program that makes it work

EVERY buffer, EVERY array must be bounds checked. There can be NO POSSIBILITY of ANY kind of a buffer overflow attack.

If you are going to use an off the shelf MB any open slot and or connector not used by a component SPECIFICALLY required to make it work must by PHYSICALLY disabled ( cut the traces/wires or whatever ). The BIOS must be custom,designed and coded to do ONLY those functions require to boot the machine, further that BIOS must be OPEN SOURCE.

As others have pointed out the PROCESS must be VERIFIABLE, it must be RELIABLE, it must be PREDICTABLE 100% of the time. There can be NO race conditions, there can be NO un-handled exceptions, and EVERY exception must have a reliable, repeatable, reproduceable result, in other words "Kernel Panic" is NOT an option.

In short it must be a totally custom machine, and created by people 100% NOT interested in getting rich.

Re:In Ruby?! Shirley you jest (1)

kvezach (1199717) | more than 4 years ago | (#29854905)

Why not go further? There's no reason why a voting machine should even be Turing complete. For plain old Plurality voting, simply have a machine that reads input (buttons or touchscreen, whatever), then blows an antifuse for the selected candidate and fuses for all the other candidates, on a PROM. Connect the PROMs to a central counter which tabulates the ballots, and there you are. (If you want Condorcet, each "ballot" needs log n bits per candidate, not just one).

What I'm saying is: design the computer out of least privilege in terms of hardware. If the computer doesn't need to modify its own code (and why would a voting machine need to do that?) then just make that impossible. They can't hack what isn't there.

Re:In Ruby?! Shirley you jest (1)

myspace-cn (1094627) | more than 4 years ago | (#29855241)

And when you figure all this bullshit out, be sure to install it on MY HARDWARE YOU DIPSHITS!

Re:In Ruby?! Shirley you jest (1)

myspace-cn (1094627) | more than 4 years ago | (#29855251)

And furthermore why isn't corporate media talking about this huh? Too fucking scared to get shredded?

Re:In Ruby?! Shirley you jest (1)

myspace-cn (1094627) | more than 4 years ago | (#29855017)

And you plan to run your well stripped, lean, mean linux on....

Specially crafted hardware at the doping level.

Re:In Ruby?! Shirley you jest (1)

myspace-cn (1094627) | more than 4 years ago | (#29855253)

adn after your all done, you stupidly installed it on my specially crafted hardware!!!!!!!!!

Re:In Ruby?! Shirley you jest (0)

Anonymous Coward | more than 4 years ago | (#29856559)

So good it was worth saying three times, huh?

Re:In Ruby?! Shirley you jest (1)

stephanruby (542433) | more than 4 years ago | (#29858447)

You want the Federal Election Commission to trust a voting machine written in a language used by script-kiddies?! That is utterly laughable in light of the DIEBOLD VB/Access debacle

No, but I'm not opposed to them giving it a try either. If you look at the projects on sourceforge, the overwhelming majority of them are either dead or dormant, but that doesn't make the open source process that lead to them a complete dud.

Some great open source projects have come out of sourceforge (and many other places as well of course). I don't know if the success rate is 1%, or 0.5%, or even lower than that, but whatever it is, I'd still consider the process a good one.

Also, the desire to create open source software is so high and the barrier to entry is so low, many programming newbies end up cutting their teeth on those types of projects. This encourages participation and programming literacy. And a newbie may not be able to code a perfect voting solution for instance, but at least even if his solution is not selected for any election, or doesn't even come close to being selected for one, it only means that there is at least one more person that's at least semi-computer literate and invested enough to weigh in for the process of selecting a voting solution.

They're missing the point... (2, Insightful)

Pembers (250842) | more than 4 years ago | (#29855271)

Voting machines are inherently untrustworthy. Publish all the code you like. Have it inspected by Donald Knuth. The voters have no way of knowing that that code is what's actually running on the machines in the polling stations, or that the hardware will execute it in the way that the language spec says it should. Attempts to give them a way to know are a sticking plaster over a gaping wound - there are too many things about the machine that are invisible to the naked eye, and too many ways in which the machine can be made to lie.

Paper-based elections need a lot of people to run them. This is a good thing, because someone who wants to rig an election has to bribe or threaten a lot of people. The more people are in that position, the more likely one of them is to blow the whistle. Someone who wants to rig an election that's run by voting machines has to influence far fewer people. That's the whole point of computers - they do work that would otherwise have to be done by people. If you want to bring in lots more people who are hard to bribe or threaten, you might as well have them run the election and leave the computers out of it.

The argument that voting machines will give us the result of the election faster than paper ballots is true but irrelevant. Do you want the wrong answer in half an hour, or the right answer in two days? A politician, once elected, will serve for three to five years, and unless he drops dead or gets a blowjob from the wrong person, it's very hard to remove him before the next election. You'd better be damn sure that the guy you put there was the one the people actually wanted.

securing the wrong channel (1)

bwashed75 (1389301) | more than 4 years ago | (#29856007)

All this focus on securing an inherently insecure channel..I suggest we instead make sure that if the votes are not OK then it will be discovered after the election? I mean, if anonymity weren't an issue it would be as easy as having a list at the library after the election with names of people in one column and whatever they voted for in another. If everyone is happy with their own entry and the list doesn't have bogus entries, the election went well. Since anonymity is an issue, let the voters draw their receit number from a hat and use that number in the library list instead.

Re: (1)

clint999 (1277046) | more than 4 years ago | (#29858395)

only crooks will provide voting software.Aye! You get it.YOUR MY NEW FRIEND

We don't need electronic voting. (1)

PotatoHead (12771) | more than 4 years ago | (#29860771)

That's it really.

The paper is better because it's verifiable, and does not require trusting enabling technology to run an election. No electronic system meets this criteria, unless it's voting record is written to physical media in a human readable, enduring way. So then, why bother?

Doing it with paper gets people involved in their civics too.

I'll give them top marks for open source, but a FAIL for it just not being a necessary thing.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>